On Wed Feb 11 18:45:34 2009, Justin Karneges wrote:
> There are quite many XMPP services (bots and such) that you authenticate with
> just by JID. Why would those things be okay, but MUC is somehow more secure
> and requires a password?

Well, yes - in a perfect world, we'd sign stanzas with X.509
certificates, and it's that thinking that makes me want to use X.509
as our identity basis now.
I think it's not *yet* practical to go down that road, though - I
don't think XML canonicalization libraries exist in sufficient
quantity, and I don't think we want to demand that stanzas are signed
individually yet. (I'd love to be proven wrong on this).
But in a year or so, this might become a practical option, in which
case pubsub nodes, MUC rooms, and bots can simply "require signing"
somehow, and all will be right with the world.
Dave.
--
Dave Cridland - mailto:[email protected] - xmpp:[email protected]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
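
An added example, not part of the original message: why per-stanza signing depends on XML canonicalization. It uses Python's standard-library C14N 2.0 `canonicalize`, with an HMAC as a stand-in for the X.509 signature; the stanzas, addresses and key are constructed for illustration.

```python
import hashlib
import hmac
from xml.etree.ElementTree import canonicalize  # C14N 2.0, Python 3.8+

# Constructed sample stanza as the sender serialized it.
SENT = ("<message xmlns='jabber:client' to='room@conference.example.org' "
        "from='alice@example.org/desk' type='groupchat'>"
        "<body>hello</body><x xmlns='urn:example:marker'/></message>")
# The same stanza after a hypothetical hop re-serialized it: attribute order,
# quote style, spacing inside the tag and the empty-element form all changed.
RELAYED = ('<message type="groupchat"  from="alice@example.org/desk" '
           'xmlns="jabber:client" to="room@conference.example.org" >'
           '<body>hello</body><x xmlns="urn:example:marker"></x></message>')
# A stanza whose content really was altered in transit.
TAMPERED = RELAYED.replace("hello", "hello, send me the room password")

KEY = b"constructed-demo-key"  # assumption: stands in for the signer's key


def raw_tag(stanza: str, key: bytes = KEY) -> str:
    """Tag over the literal bytes: breaks on any harmless re-serialization."""
    return hmac.new(key, stanza.encode("utf-8"), hashlib.sha256).hexdigest()


def canonical_tag(stanza: str, key: bytes = KEY) -> str:
    """Tag over the canonical form, so equivalent serializations agree."""
    canon = canonicalize(stanza)
    return hmac.new(key, canon.encode("utf-8"), hashlib.sha256).hexdigest()


def verify(stanza: str, tag: str, key: bytes = KEY) -> bool:
    """Receiver side: canonicalize what arrived, then compare in constant time."""
    return hmac.compare_digest(canonical_tag(stanza, key), tag)


if __name__ == "__main__":
    tag = canonical_tag(SENT)
    print("raw tags match after relay:      ", raw_tag(SENT) == raw_tag(RELAYED))
    print("canonical tag verifies after relay:", verify(RELAYED, tag))
    print("canonical tag verifies if altered: ", verify(TAMPERED, tag))
```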